Use of the Application model in Loopback - node.js

In a Loopback application, there's mention of a built-in Application model.
This page says "contains metadata for a client application that
has its own identity and associated configuration with the LoopBack
server."
When clicking through the referenced page it further elaborates with this:
Application model
Use the Application model to manage client applications and organize
their users.
The default model definition file is common/models/application.json in
the LoopBack repository.
The first link in that paragraph I think is incorrect, as it refers to the Express application wrapper rather than an instance of the model.
The second link details the attributes of the model. There's mentions of things like ownership, realms (which is mentioned in the context of Users), and various other settings.
The Application model is mentioned in a few places in the documentation but it doesn't really explain how to use it.
How would you access the Application model in an app?
Where are all the attributes defined in your app?
Can you have more than one Application instance, and why?
Hope this isn't taken as a subjective topic, I'm really just after better documentation on the topic.

The Application model in LoopBack is meant to act similarly to the User model, but instead of individual users using the API, apps can also gain access to the API. An example would be if you had a payment API. You might want to grant access to users so they can transfer money to each other, but you might also want to grant access to a web app (online store) or provide a payment service to mobile apps.
I suggest going into server/model-config.json and adding the following:
"application": {
"dataSource": "db",
"public": true
}
You can then open up the component-explorer and play around with API endpoints for the application model. Here are the API docs
(I also suggest you open up an issue on loopback requesting better documentation.)

Related

Azure Custom Decision Service API

I'm using Azure Custom Decision Service (https://learn.microsoft.com/en-us/azure/cognitive-services/custom-decision-service/custom-decision-service-overview) and have a few API questions.
From the documentation, I'm seeing that there is a Reward API for the user clicking on the first recommended article. But are there other click events? Does the service also "learn" when a user clicks on an article that isn't in the recommended list?
I couldn't find where we send user info. How does Custom Decision Service help with article "personalization"? Is it based on a cookie?
At the moment, we're only learning from a click on the top slot or first recommended article. We are considering enhancing the Decision Service to support learning from clicks on multiple slots but this is not yet in the service.
We automatically generate user features, today we use geo location and device type. We do use cookies but we're not learning from those yet.

Difference between platformwebservices vs ycommercewebservices

What is the ideal scenario to use platformwebservices and ycommercewebservices, and what is the difference between the two?
Platformwebservices
provide secure CRUD access to all models in the service layer over a well understood and widely adopted protocol.
Secured RESTful access to all Hybris models; when you create or update an item, the platform web services will generate / update the API for you. It's accessible from '/ws410'. You do not need to change anything within this extension.
Ycommercewebservices
exposes part of the Commerce Facades as REST-based web services, including calls for product search and product details. The focus is to provide a working example of how a REST-based API can be exposed.
First, it's a template, as it starts with 'Y', so to create your own you need to run 'ant extgen'. It will provide you RESTful access to a few out-of-the-box Facades. It's up to you to add more Facades or update the existing ones.
For OCC implementations use CommerceWebservices. PlatformWebservices are for doing basic CRUD operations and they completely bypass the business logic.
So if you want to leverage any hybris-provided business logic and don't want to write your own logic, for example cart management, CommerceWebservices is the recommended way.

How do I access data for all of my students?

I'm making an app that authenticates a coach with KA's API, in order to present statistics and reports on the progress of each student.
How do I see "For whom am I a coach" (inverse of /api/v1/user.coaches)?
or otherwise request user and progress data for all my students?
You can request /api/v1/user/students to get a list of the currently authenticated user's students. Note that this is an undocumented endpoint; not sure if that's on purpose or not, but I suspect just an oversight because IIRC I've seen them reference it on GitHub issues in the past.
I added that endpoint to the khan npm module in this PR: https://github.com/weo-edu/khan/pull/4
An important caveat to note is that as of this writing, you won't be able to request students on behalf of a user who has authenticated your application, only the user who created the app you're currently using.
Put another way: if I create an application called "hello" while logged in as "Jeffrey", I can get all of Jeffrey's students by authenticating with the "hello" app. However, if I log in as Lisa via the "hello" app (via OAuth, e.g. passport-khan), I'll have an access token but the Khan API will refuse my request because Lisa did not create the "hello" app.
This behavior is documented (albeit a bit confusingly) in this wiki page, here's the relevant paragraph:
It is recommended that schools have one teacher/coach account that registers for an API key. This enables a situation where the logged-in user is the same as the third-party developer, who then can access their own students' data pursuant to Khan Academy's "coach" relationship. For example, suppose the principal of Riverdale High wished to export data for multiple students via the API. The principal would create a teacher/coach account, perhaps called "RiverdaleHighAPI," and register for an API key. The principal would then ask all students of Riverdale High to add "RiverdaleHighAPI" as a coach, either directly or via several class codes. When accessing the API with "RiverdaleHighAPI" as the logged in user, the principal would be able to access the data for all students that have added "RiverdaleHighAPI" as a coach. The app would not have access to any other coaches' student data, even if another coach logged in through the app. To protect student privacy, we do not allow indirect consent through the coach, and we require each student to explicitly grant permission to access their data. Please note that we are working to improve this functionality; for the time being, this "RiverdaleHighAPI" account should only be used by the school's API client, not by any actual teacher or coach.
Lastly, khan actually encourages public use of their internal API. They recommend opening up your developer console while logged in to khan and looking for the endpoints that return the data you want. (see this note on their authentication document).
This is obviously a fairly non-standard practice and I assume the endpoints would be subject to breaking changes without warning. Also, you'll be flying documentation-free. That said, this approach may be the most robust option for your purposes. Here's the quote from their wiki for posterity:
The API explorer documents our public API, which has URLs starting with /api/v1, but unfortunately it's not very well-maintained and lacking in a few areas.
If you're feeling adventurous, though, you're welcome to use any internal undocumented API endpoints. For example, if you load a Khan Academy video page and use your browser's developer tools to look at the ajax requests being sent, you'll see that it gets a URL like /api/internal/videos/aubZU0iWtgI/transcript, which contains a JSON response with the video subtitles. That "internal" in the name means that we don't provide documentation, and we may remove the endpoint or change the format in the future, but you're welcome to use any internal endpoints if you keep those caveats in mind.

What is ASP.NET Identity?

What is the basic functionality it provides?
Specifically for a person who has never used ASP.NET's built-in stuff.
The MSDN tutorial is confusing me a lot. Claims, OWIN, etc. are going over my head.
What I can make out of all this is: the Identity framework helps me to manage my application plus social logins. It handles my cookie, etc.
What if I have just one role in my application, just the plain user?
Should I go for Identity then, or should I implement my own custom thing?
Any help is appreciated.
If you are starting from scratch, build a sample MVC project with individual membership option, which will create the following components for you:
Login module that creates and manages authentication cookies
Simple database to store basic user data (credentials, name)
EF code to interact with the database
This will most likely meet your use case for a user without roles and attributes.
OWIN really has nothing to do with authentication, it is a new spec for building web apps. The login module happens to be implemented according to this spec and it sounds cool, so Microsoft likes to throw this term around a lot.
If you are not planning to have authorization logic in the app, then you don't need to worry about Claims. Claims is another term for user attributes (login, name, roles, permissions). The Claims collection will be populated by the framework, but you most likely won't use it. If you need just the user id/name, the old ASP.NET interfaces are still there to get this data.
As far as implementing your own, I've seen people here ditching the database and EF code, especially if they already have an existing user store. You just need to implement credential verification logic against your store. You don't want to build your own cookie management, though. Use the login module provided by Microsoft or well-established third-party systems (SiteMinder, Tivoli, etc.).
Look at this open source project for a good alternative to ASP.NET Identity.
This is a very well put together tutorial that explains many of these concepts, you can get a free trial to the site to see it.

Role based web UI with REST

We have chosen a REST-based architecture for a new web-based application. The entire platform is exposed in the form of a RESTful service so that any UI (web/mobile) can be built on top of it. So, the application is in 3 layers: the DB, the application layer, which just exposes RESTful services, and the UI, currently an HTML5/CSS/JavaScript-based UI consuming the web services.
This application also has role-based access and hence the UI has to be designed based on the role. Is it a good idea for a web service to return the set of privileges in a service response and then use it in JavaScript to build the UI?
UI variations for roles can be as follows:
Main menu might change based on the role
Tabs have to be controlled based on roles
Most of the pages in the application are widget-based, and display of widgets is again tied to roles
Once again, I would like to know if this is the right idea to go ahead with. Please suggest.
To follow the HATEOAS (Hypermedia As The Engine Of Application State) constraint, you should have the REST service itself provide which state transitions (i.e. links) are valid for the "application state", which includes any particular logic about what navigation, tabs, etc. are available based on the role(s) of the user.
As such, your resources should be designed in such a way that they can return results that are specific to your logged in user.
E.g. (using HAL as the hypermedia type):
GET /users/123/navigation
{
  "_links": {
    "http://api.service.com/rels/home": { "href": "/", "title": "Home" },
    "http://api.service.com/rels/admin": { "href": "/admin", "title": "Admin" }
  }
}
Doing so keeps the business logic of "what roles can do what" in the service, which is really where that logic belongs.
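As an added example of the approach described (not code from the original answer): the HAL navigation resource is built per caller on the server, and the same role table guards the target resource, so a link that is never offered is also never honoured. The relation URIs, role names and menu entries are assumed for illustration.

```javascript
// Added example: server-side, role-dependent HAL navigation plus the
// matching resource check. Relation URIs, roles and entries are assumed.
const REL_BASE = 'http://api.service.com/rels/';

// Catalogue of navigation entries and the roles that may see and use each
// one. Constructed sample data, not a real application's menu.
const NAV_ENTRIES = [
  { rel: 'home',    href: '/',        title: 'Home',    roles: ['user', 'admin'] },
  { rel: 'reports', href: '/reports', title: 'Reports', roles: ['user', 'admin'] },
  { rel: 'admin',   href: '/admin',   title: 'Admin',   roles: ['admin'] },
];

function isAllowed(entry, roles) {
  return entry.roles.some((r) => roles.includes(r));
}

// GET /users/{id}/navigation: build the HAL document for one caller.
// The client only renders the links it receives; it makes no role decision.
function buildNavigation(user) {
  const links = { self: { href: `/users/${user.id}/navigation` } };
  for (const entry of NAV_ENTRIES) {
    if (isAllowed(entry, user.roles)) {
      links[REL_BASE + entry.rel] = { href: entry.href, title: entry.title };
    }
  }
  return { _links: links };
}

// The same catalogue guards the target resource: a caller who hand-crafts a
// request for /admin gets 403 even though the link was never offered.
function authorizeRequest(user, path) {
  const entry = NAV_ENTRIES.find((e) => e.href === path);
  if (!entry) return 404;
  return isAllowed(entry, user.roles) ? 200 : 403;
}
```

Hiding a menu item only shapes the UI; the 403 from `authorizeRequest` is what actually enforces the role, and both come from the one table in the service.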
For that you need to store all the menu options, widgets and page names in the database and also load the menu at runtime (i.e. your first request sends the role and gets the menu from the server).
You can easily create a role-based REST architecture and also provide security to RESTful services.